Part of this fixed itself when I power cycled the darn gateway router. I have no idea what happened there. I feel like a dog chasing my tail today. Thank you Warren and Alan for helping me out.<br><br><div class="gmail_quote">
On Sun, Mar 21, 2010 at 3:47 PM, Warren Kumari <span dir="ltr"><<a href="mailto:warren@kumari.net">warren@kumari.net</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
wkumari@lisa:~$ ping 71.12.99.115<br>
PING 71.12.99.115 (71.12.99.115) 56(84) bytes of data.<br>
<br>
--- 71.12.99.115 ping statistics ---<br>
5 packets transmitted, 0 received, 100% packet loss, time 4016ms<br>
<br>
wkumari@lisa:~$ dig SOA <a href="http://castor.lazarusalliance.com" target="_blank">castor.lazarusalliance.com</a> @<a href="http://71.12.99.115" target="_blank">71.12.99.115</a><br>
<br>
; <<>> DiG 9.7.0-P1 <<>> SOA <a href="http://castor.lazarusalliance.com" target="_blank">castor.lazarusalliance.com</a> @<a href="http://71.12.99.115" target="_blank">71.12.99.115</a><br>
;; global options: +cmd<br>
;; connection timed out; no servers could be reached<br>
wkumari@lisa:~$<br>
<br>
<br>
Cannot get there?<br>
<br>
route-views>sho ip route 71.12.99.115<br>
% Network not in table<br>
route-views>sho ip bgp 71.12.99.115<br>
BGP routing table entry for <a href="http://71.12.96.0/20" target="_blank">71.12.96.0/20</a>, version 4184824908<br>
Paths: (34 available, no best path)<br>
Flag: 0x820<br>
Not advertised to any peer<br>
701 3356 20115, (aggregated by 20115 172.31.148.182)<br>
157.130.10.233 (inaccessible) from 157.130.10.233 (137.39.3.60)<br>
Origin IGP, localpref 100, valid, external, atomic-aggregate<br>
3277 3216 19151 20115, (aggregated by 20115 172.31.148.182)<br>
194.85.102.33 (inaccessible) from 194.85.102.33 (194.85.4.16)<br>
Origin IGP, localpref 100, valid, external, atomic-aggregate<br>
Community: 210766776 210766877 214764688 1255080936 1255140942 1255144956 1318259640 1318319642<br>
7500 2516 19151 20115, (aggregated by 20115 172.31.148.182)<br>
202.249.2.86 (inaccessible) from 202.249.2.86 (203.178.133.115)<br>
Origin IGP, localpref 100, valid, external, atomic-aggregate<br>
1239 19151 20115, (aggregated by 20115 172.31.148.182)<br>
144.228.241.130 (inaccessible) from 144.228.241.130 (144.228.241.130)<br>
Origin IGP, localpref 100, valid, external, atomic-aggregate<br>
3333 3356 20115, (aggregated by 20115 172.31.148.182)<br>
[SNIP]<br><font color="#888888">
<br>
W</font><div><div></div><div class="h5"><br>
<br>
<br>
<br>
<br>
On Mar 21, 2010, at 12:41 PM, michael peters wrote:<br>
<br>
<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
Here is more information.<br>
<br>
I'm testing my external BIND 9.6.1 systems with <a href="http://www.checkdns.net/powercheck.aspx" target="_blank">http://www.checkdns.net/powercheck.aspx</a>. Outbound resolution is fine. Internal resolution is fine. External resolution seems to be the problem. My firewall allows port 53 UDP and TCP.<br>
<br>
The messages I get are:<br>
<br>
Found NS record: <a href="http://castor.lazarusalliance.com" target="_blank">castor.lazarusalliance.com</a>[71.<br>
12.99.115], was resolved to IP address by <a href="http://G.GTLD-SERVERS.NET" target="_blank">G.GTLD-SERVERS.NET</a><br>
Found NS record: <a href="http://pollux.lazarusalliance.com" target="_blank">pollux.lazarusalliance.com</a>[71.12.99.116], was resolved to IP address by <a href="http://G.GTLD-SERVERS.NET" target="_blank">G.GTLD-SERVERS.NET</a><br>
Domain has 2 DNS server(s)<br>
<br>
CheckDNS.NET is verifying if NS are alive<br>
Error fetching SOA from <a href="http://castor.lazarusalliance.com" target="_blank">castor.lazarusalliance.com</a> [71.12.99.115], request timed out. Probably DNS server is offline.<br>
Error fetching SOA from <a href="http://pollux.lazarusalliance.com" target="_blank">pollux.lazarusalliance.com</a> [71.12.99.116], request timed out. Probably DNS server is offline.<br>
0 server(s) are alive<br>
No DNS servers alive, tests stopped<br>
<br>
What other information should I provide to be helpful in getting this solved?<br>
<br>
<br>
- Show quoted text -<br>
On Sun, Mar 21, 2010 at 2:03 PM, Alan Clegg <<a href="mailto:aclegg@isc.org" target="_blank">aclegg@isc.org</a>> wrote:<br>
- Show quoted text -<br>
michael peters wrote:<br>
> Is it a problem to get a message from a DNS checking tool that indicates<br>
> "Error fetching SOA from <a href="http://ns1.example.com" target="_blank">ns1.example.com</a> <<a href="http://ns1.example.com" target="_blank">http://ns1.example.com</a>>?" Both<br>
> of my external BIND 9.6.1 servers respond the same way and I'm assuming<br>
> that I need to add something to my configuration.<br>
<br>
We know nothing about your configuration, nothing about the zone that<br>
you are trying to serve, and nothing about the "checking tool" that you<br>
are using to test.<br>
<br>
Not much to go on. Feel free to post configuration information and we<br>
might be able to help.<br>
<br>
AlanC<br>
<br>
<br>
_______________________________________________<br>
bind-users mailing list<br>
<a href="mailto:bind-users@lists.isc.org" target="_blank">bind-users@lists.isc.org</a><br>
<a href="https://lists.isc.org/mailman/listinfo/bind-users" target="_blank">https://lists.isc.org/mailman/listinfo/bind-users</a><br>
<br>
Reply<br>
Reply to all<br>
Forward<br>
<br>
<br>
<br>
<br>
<br>
Reply<br>
<br>
|<br>
<br>
michael peters ✆ to Alan, Bind<br>
show details 2:40 PM (0 minutes ago)<br>
<br>
Here are the configuration files.<br>
<br>
<br>
# more named.conf<br>
include "/etc/bind/named.conf.options"<br>
;<br>
<br>
// prime the server with knowledge of the root servers<br>
zone "." {<br>
type hint;<br>
file "/etc/bind/db.root";<br>
};<br>
<br>
// be authoritative for the localhost forward and reverse zones, and for<br>
// broadcast zones as per RFC 1912<br>
<br>
zone "localhost" {<br>
type master;<br>
file "/etc/bind/db.local";<br>
};<br>
<br>
zone "127.in-addr.arpa" {<br>
type master;<br>
file "/etc/bind/db.127";<br>
};<br>
<br>
zone "0.in-addr.arpa" {<br>
type master;<br>
file "/etc/bind/db.0";<br>
};<br>
<br>
zone "255.in-addr.arpa" {<br>
type master;<br>
file "/etc/bind/db.255";<br>
};<br>
<br>
<br>
zone "<a href="http://lazarusalliance.com" target="_blank">lazarusalliance.com</a>" {<br>
type master;<br>
file "/etc/bind/db.lazarusalliance.com.hosts";<br>
allow-update {<br>
any;<br>
};<br>
allow-transfer {<br>
any;<br>
};<br>
allow-query {<br>
any;<br>
};<br>
};<br>
<br>
zone "99.12.71.in-addr.arpa" {<br>
type master;<br>
file "/etc/bind/71.12.99.rev";<br>
};<br>
<br>
include "/etc/bind/named.conf.local";<br>
logging {<br>
category lame-servers {<br>
null;<br>
};<br>
};<br>
key rndc-key {<br>
algorithm hmac-md5;<br>
secret "********************************************";<br>
};<br>
controls {<br>
inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { rndc-key; };<br>
};<br>
++++++++++++++++++++++++++++++<br>
<br>
# more named.conf.local<br>
//<br>
// Do any local configuration here<br>
//<br>
<br>
// Consider adding the 1918 zones here, if they are not used in your<br>
// organization<br>
//include "/etc/bind/zones.rfc1918";<br>
<br>
++++++++++++++++++++++++++++++<br>
<br>
# more named.conf.options<br>
options {<br>
directory "/var/cache/bind";<br>
<br>
// If there is a firewall between you and nameservers you want<br>
// to talk to, you might need to uncomment the query-source<br>
// directive below. Previous versions of BIND always asked<br>
// questions using port 53, but BIND 8.1 and later use an unprivileged<br>
// port by default.<br>
<br>
query-source address * port 53;<br>
<br>
// If your ISP provided one or more IP addresses for stable<br>
// nameservers, you probably want to use them as forwarders.<br>
// Uncomment the following block, and insert the addresses replacing<br>
// the all-0's placeholder.<br>
<br>
// forwarders {<br>
// 0.0.0.0;<br>
// };<br>
<br>
auth-nxdomain no; # conform to RFC1035<br>
listen-on-v6 { any; };<br>
allow-transfer {<br>
any;<br>
};<br>
allow-query {<br>
any;<br>
};<br>
};<br>
<br>
++++++++++++++++++++++++++++++<br>
<br>
# more db.lazarusalliance.com.hosts<br>
$ttl 3600<br>
@ IN SOA <a href="http://castor.lazarusalliance.com" target="_blank">castor.lazarusalliance.com</a>. <a href="http://postmaster.lazarusalliance.com" target="_blank">postmaster.lazarusalliance.com</a>. (<br>
2010022604<br>
1200<br>
3600<br>
1209600<br>
3600 )<br>
;<br>
@ 3600 IN NS <a href="http://castor.lazarusalliance.com" target="_blank">castor.lazarusalliance.com</a>.<br>
@ 3600 IN NS <a href="http://pollux.lazarusalliance.com" target="_blank">pollux.lazarusalliance.com</a>.<br>
;<br>
<a href="http://castor.lazarusalliance.com" target="_blank">castor.lazarusalliance.com</a>. IN A 71.12.99.115<br>
<a href="http://pollux.lazarusalliance.com" target="_blank">pollux.lazarusalliance.com</a>. IN A 71.12.99.116<br>
<a href="http://lazarusalliance.com" target="_blank">lazarusalliance.com</a>. IN A 71.12.99.118<br>
;<br>
<a href="http://lazarusalliance.com" target="_blank">lazarusalliance.com</a>. IN MX 5 <a href="http://castor.lazarusalliance.com" target="_blank">castor.lazarusalliance.com</a>.<br>
<br>
<br>
++++++++++++++++++++++++++++++<br>
<br>
# more 71.12.99.rev<br>
$TTL 38400<br>
@ IN SOA <a href="http://castor.lazarusalliance.com" target="_blank">castor.lazarusalliance.com</a>. <a href="http://postmaster.lazarusalliance.com" target="_blank">postmaster.lazarusalliance.com</a>. (<br>
2010032007<br>
10800<br>
3600<br>
604800<br>
38400 )<br>
@ IN NS <a href="http://castor.lazarusalliance.com" target="_blank">castor.lazarusalliance.com</a>.<br>
115 IN PTR <a href="http://castor.lazarusalliance.com" target="_blank">castor.lazarusalliance.com</a>.<br>
116 IN PTR <a href="http://pollux.lazarusalliance.com" target="_blank">pollux.lazarusalliance.com</a>.<br>
118 IN PTR <a href="http://lazarusalliance.com" target="_blank">lazarusalliance.com</a>.<br>
<br>
<br>
On Sun, Mar 21, 2010 at 2:02 PM, Warren Kumari <<a href="mailto:warren@kumari.net" target="_blank">warren@kumari.net</a>> wrote:<br>
On Mar 21, 2010, at 11:21 AM, michael peters wrote:<br>
<br>
Is it a problem to get a message from a DNS checking tool that indicates "Error fetching SOA from <a href="http://ns1.example.com" target="_blank">ns1.example.com</a>?" Both of my external BIND 9.6.1 servers respond the same way and I'm assuming that I need to add something to my configuration.<br>
<br>
<br>
In order for us to be able to provide you with useful answers, please provide us with the domain name, the name of the checking tool and the name of the server it is grumpy about.<br>
<br>
>From a FAQ: <a href="http://dougbarton.us/DNS/bind-users-FAQ.html#RealNames" target="_blank">http://dougbarton.us/DNS/bind-users-FAQ.html#RealNames</a><br>
<br>
W<br>
<br>
P.S:<br>
<br>
dig SOA <a href="http://ns1.example.com" target="_blank">ns1.example.com</a><br>
<br>
; <<>> DiG 9.7.0-P1 <<>> SOA <a href="http://ns1.example.com" target="_blank">ns1.example.com</a><br>
;; global options: +cmd<br>
;; Got answer:<br>
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 51889<br>
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0<br>
<br>
;; QUESTION SECTION:<br>
;<a href="http://ns1.example.com" target="_blank">ns1.example.com</a>. IN SOA<br>
<br>
;; AUTHORITY SECTION:<br>
<a href="http://example.com" target="_blank">example.com</a>. 10800 IN SOA <a href="http://dns1.icann.org" target="_blank">dns1.icann.org</a>. <a href="http://hostmaster.icann.org" target="_blank">hostmaster.icann.org</a>. 2009100600 7200 3600 1209600 86400<br>
<br>
;; Query time: 76 msec<br>
;; SERVER: 127.0.0.1#53(127.0.0.1)<br>
;; WHEN: Sun Mar 21 14:59:42 2010<br>
;; MSG SIZE rcvd: 94<br>
<br>
<br>
:-P<br>
<br>
<br>
<br>
Please advise.<br>
_______________________________________________<br>
bind-users mailing list<br>
<a href="mailto:bind-users@lists.isc.org" target="_blank">bind-users@lists.isc.org</a><br>
<a href="https://lists.isc.org/mailman/listinfo/bind-users" target="_blank">https://lists.isc.org/mailman/listinfo/bind-users</a><br>
<br>
<br>
</blockquote>
<br>
</div></div></blockquote></div><br>